Wildcard MX Support

[mikedibella]

Academic question for the community.

If I had a use case where I wanted to receive mail for a dynamically-generated subdomain, say thread-id.domain.com, using a wildcard MX record at domain.com, what would the pseudo-code look like for the scripting to dynamically generate the Domain object and set-up a catch-all address for all local-part variants @thread-id.domain.com?

What On... event would trigger the on-demand provisioning?

[palinka]

Academic question for the community.

If I had a use case where I wanted to receive mail for a dynamically-generated subdomain, say thread-id.domain.com, using a wildcard MX record at domain.com, what would the pseudo-code look like for the scripting to dynamically generate the Domain object and set-up a catch-all address for all local-part variants @thread-id.domain.com?

What On... event would trigger the on-demand provisioning?

I think the domain has to be created before you receive a message on it, or else hms will kick it for non existent address.

That also makes the task a lot easier because you can use any old com script to add/delete the domain.

Are these messages all coming from the same IP? if yes, you could use OnClientConnect to create the domain. Make sure you force the connection to wait until the domain is created before allowing the client to pass RCPT TO.

[mattg]

I think this is a use case for 'default domain', much as I really dislike that concept normally

[mikedibella]

I think the domain has to be created before you receive a message on it, or else hms will kick it for non existent address.

Yup, I think you are right. I thought I remembered that there was an OnSMTPData event, that I presumed was kicked once for each verb in the protocol sequence, but I don't see that in the documentation. I must have been remembering another platform's hooks.

So I can't hook the RCPT TO verb and create a Domain and Account under it for missing subdomains under the desired parent.

[mattg]

Default domain, with a catch-all address will ACCEPT all mail

[mikedibella]

My understanding of Default Domain is that it acted as the RFC 5322 domain part for an address that contains only a local part. So that if a message is submitted

RCPT TO:local-user

It will be processed as

RCPT TO:local-part@default-domain

Am I misunderstanding how it works?

But in the use case described above, the envelope looks like:

RCPT TO:local-part@on-the-fly-part.parent-domain

the domain on-the-fly-part.parent-domain doesn't exist when the RCPT TO: verb is invoked.

[mattg]

My aging memory says that any non-routable domain will have the 'default domain' appended to it

For example

If Default domain is 'example.com"
Mail addresses to matt@sub.domain.local
will be delivered to matt@sub.domain.local@example.com

And that a catchall at example.com, would in fact receive that mail message


I find this really silly for normal use, but it may suit your purposes

[jimimaseye]

My aging memory says that any non-routable domain will have the 'default domain' appended to it

For example

If Default domain is 'example.com"
Mail addresses to matt@sub.domain.local
will be delivered to matt@sub.domain.local@example.com

I would find that astonishing if that were true to the point of I don't believe it. I think it's more like mike's method. In fact documentation says:

Default domain

This setting allows you to specify what domain hMailServer should default to if a user does not specify the domain name when logging on. For example, if you specify that the default domain is example.com, and a person tries to log on using the user name "bob", hMailServer will assume that it is "bob@example.com" which is trying to logon.

That goes along with our belief. I guess testing will prove one way or the other.

[Entered by mobile. Excuse my spelling.]

[SorenR]

I think the domain has to be created before you receive a message on it, or else hms will kick it for non existent address.

Yup, I think you are right. I thought I remembered that there was an OnSMTPData event, that I presumed was kicked once for each verb in the protocol sequence, but I don't see that in the documentation. I must have been remembering another platform's hooks.

So I can't hook the RCPT TO verb and create a Domain and Account under it for missing subdomains under the desired parent.

There IS an OnSMTPData event but it does not kick in until AFTER recipient has been validated.

You MAY succeed IF you run TWO hMailServer in tandem, the first as a relay (BackupMX'ish) to capture details from the emails in transit in order to potentially trigger a script to create the targeted domain on THE SECOND hmailserver BEFORE the email is delivered.

This is hardcore

Actually... In the domain configuration there is a tab "Names"... If you add a domain in here it becomes an alias that can be addressed.

... And no ... you can't add "*.mydomain.tld" in Names, already tried it BUT you can add "subdomain1.mydomain.tld", "subdomain2.mydomain.tld", "subdomain3.mydomain.tld" ... etc. for as long as you like.

[palinka]

Actually... In the domain configuration there is a tab "Names"... If you add a domain in here it becomes an alias that can be addressed.

Now we're getting somewhere. Maybe its possible to program the sending client to make its HELO rando-subdomain.domain.com. Then, you could capture the subdomain at OnHELO and use it to add the "Name". Of course, this would only work if the message is not relayed through another server. OP has not mentioned the probable sequence of events yet (who, what, how the message is being sent).

[SorenR]

... And no ... you can't add "*.mydomain.tld" in Names, already tried it

It may actually work ... I tried to send from one domain to another domain (acme.inc) on the same server and just realized since "new.acme.inc" does not exist on the server it will do a DNS lookup and fail since I don't have A/MX records for "*.acme.inc" defined.

Perhaps a "wildcard route" could do it, it would allow time to create the domain alias before the message comes back into the server - IIRC it stays in the delivery queue for 1 minute and once the domain alias is created it would (probably) not use the wildcard route again for that domain alias.

[mikedibella]

OK, so maybe all I need to have is a configuration that allows the submission to be accepted regardless of subdomain so that the on-demand provisioning can be handled in the OnSMTPData firing BEFORE delivery takes place.

I do think a single-hMS implementation of this solution would be preferable to a relay-endpoint model, even though I'm inclined to think best practice would be not to commingle "static" and "dynamic" domains on the same server.

[SorenR]

Well, could not help it

My test domain is: acme.inc
I created the domain in hMailServer and assigned "*.acme.inc" under the "Names" tab on the domain.
I created the domain "acme.inc" in my local DNS and set "*.acme.inc MX 10 mx.myhmailserver.tld"

As it is right now, the first email to an unknown acme.inc SUBDOMAIN (like wile.e.coyote@new.acme.inc) will be lost into oblivian or where ever hMailServer do away with it but the subdomain is added to the Names tab for the domain.

Perhaps some intelligent routing via an external server can bring that first email back, I dont' have the extra servers to play with right now.

Anyways...

Code: Select all

Function oLookup(strRegEx, strMatch, bGlobal)
    If strRegEx = "" Then strRegEx = StrReverse(strMatch)
    With CreateObject("VBScript.RegExp")
        .Pattern = strRegEx
        .Global = bGlobal
        .MultiLine = True
        .IgnoreCase = True
        Set oLookup = .Execute(strMatch)
    End With
End Function


Sub OnSMTPData(oClient, oMessage)

    '
    '   Test to create subdomain on demand.
    '

    EventLog.Write( "OnSMTPData - Setting up -> SubDomain on Demand <-" )
    Dim oApp
    Set oApp = CreateObject("hMailServer.Application")
    Call oApp.Authenticate("Administrator", "#VERYSECRETPASSWORD")          ' <=== DCOM logon
    Const WildcardDomains = "(acme\.inc)|(contoso\.com)"                    ' <=== CHANGE THIS, RegEx format!
    Dim i, j, strTo, strRcptTo, strAlias, oMatch, oMatches, oDomain, oAlias, NewAlias
    For i = 0 To oMessage.Recipients.Count-1
        strRcptTo = Split(oMessage.Recipients(i).Address, "@")
        strAlias = Trim(strRcptTo(1))
        EventLog.Write( "OnSMTPData - looking up domain " & strAlias )
        Set oMatches = oLookup(WildcardDomains, strAlias, False)
        For Each oMatch In oMatches
            EventLog.Write( "OnSMTPData - found domain " & oMatch )
            Set oDomain = oApp.Domains.ItemByName(CStr(oMatch))
            EventLog.Write( "OnSMTPData - number of subdomains " & oDomain.DomainAliases.Count )
            NewAlias = True
            For j = 0 To oDomain.DomainAliases.Count-1
                EventLog.Write( "OnSMTPData - lListing subdomains: " & oDomain.DomainAliases(j).AliasName )
                If strAlias = oDomain.DomainAliases(j).AliasName Then NewAlias = False
            Next
            If NewAlias Then
                EventLog.Write( "OnSMTPData - adding subdomain " & strAlias )
                Set oAlias = oDomain.DomainAliases.Add
                oAlias.AliasName = strAlias
                oAlias.Save
            End If
        Next
    Next

End Sub

[Dravion]

This all doesnt make sense because MX entries are maintained by an DNS-Server in its hierachical Zonefile Databases (its not an SQL or NoSQL Database, its more like a LDAP Database).

However:
You can only setup 1 (one) MX DNS Entry per DNS-Domain but you can Subclass a Subdomain within the DNS-Database which needs to be propagated. A Subdomain isnt a TLD item, so propagation should be in effect within milliseconds and after it, you can add up new hMailServee Domains via VBScript.

But if you dont prepare your DNS-Server in the first plsce by another script it will not work as expected.

[SorenR]

This all doesnt make sense because MX entries are maintained by an DNS-Server in its hierachical Zonefile Databases (its not an SQL or NoSQL Database, its more like a LDAP Database).

However:
You can only setup 1 (one) MX DNS Entry per DNS-Domain but you can Subclass a Subdomain within the DNS-Database which needs to be propagated. A Subdomain isnt a TLD item, so propagation should be in effect within milliseconds and after it, you can add up new hMailServee Domains via VBScript.

But if you dont prepare your DNS-Server in the first plsce by another script it will not work as expected.

This has NOTHING to do with DNS servers... It's 100% hMailServer and how to create domain aliases to match subdomains as they come in as emails.

And the acme.inc DNS record on my local DNS... Only YOU and I know about it and I am the only one who can use it because it is behind my firewall

BUT since you mention DNS servers and subdomains...
https://en.wikipedia.org/wiki/Wildcard_DNS_record

[Dravion]

if I had a use case where I wanted to receive mail for a dynamically-generated subdomain, say thread-id.domain.com

This part is DNS-Server related and hMailServer can only
work on top of functioning DNS-Zone Information. In hMailServers code, it regulary sents DNS-Queries to the Windows OS defined DNS-Resolvers.

I doubt this is a private LAN Setup, behind a NAT-Router and a Thirdparty SMTP-Relay server.

[SorenR]

if I had a use case where I wanted to receive mail for a dynamically-generated subdomain, say thread-id.domain.com

This part is DNS-Server related and hMailServer can only
work on top of functioning DNS-Zone Information. In hMailServers code, it regulary sents DNS-Queries to the Windows OS defined DNS-Resolvers.

I doubt this is a private LAN Setup, behind a NAT-Router and a Thirdparty SMTP-Relay server.

Why do you always overcomplicate things?

It's quite simple, the wildcard domain MX record point to hMailServer and it is up to hMailServer to do something with the email.

[mikedibella]

You can only setup 1 (one) MX DNS Entry per DNS-Domain but you can Subclass a Subdomain within the DNS-Database which needs to be propagated.

I tested this using my own authoritative domain. I created a RR at mx.otamdm.net with name "*", type MX, and data [10] mx.sfatech.com.

Now, an MX query to any-host.mx.otamdm.net returns mx.sfatech.com.

[mikedibella]

As it is right now, the first email to an unknown acme.inc SUBDOMAIN (like wile.e.coyote@new.acme.inc) will be lost into oblivian or where ever hMailServer do away with it but the subdomain is added to the Names tab for the domain.

I might have a dig into the source to try to figure this out. My guess is that hMS had decided that the mail was unroutable before OnSMTPData was fired, but fired it anyway. So by the time the script had paved the way, the vehicle had already driven into a ditch.

[SorenR]

As it is right now, the first email to an unknown acme.inc SUBDOMAIN (like wile.e.coyote@new.acme.inc) will be lost into oblivian or where ever hMailServer do away with it but the subdomain is added to the Names tab for the domain.

I might have a dig into the source to try to figure this out. My guess is that hMS had decided that the mail was unroutable before OnSMTPData was fired, but fired it anyway. So by the time the script had paved the way, the vehicle had already driven into a ditch.

I only tested this locally, it may behave differently if mail is received from external source. Anyways, the code describe how to extract the domain and update the DomainAlias and ...

Set oApp = CreateObject("hMailServer.Application", "otherserver")

will work with DCOM on "otherserver" in case you want to try the relay/backupmx route...

[Dravion]

Why do you always overcomplicate things?

Its not my problem that you dont know anything about how DNS-Servers work.

[SorenR]

Why do you always overcomplicate things?

Its not my problem that you dont know anything about how DNS-Servers work.

I know enough and if I need to know more I'll read the rest of the book.